The European Court of Justice ruled on October 6 to scuttle a 15-year data-transfer pact with the United States. This pact provided a “safe harbor” to over 4,000 transatlantic U.S. companies that claimed to satisfy “adequate” data-protection standards under European law. The “safe harbor” principles allowed U.S. companies operating in Europe, like Facebook and Google, to gather the private information of European citizens and transfer that data to U.S.-based servers, so long as those companies self-certified that they complied with the E.U.’s “adequacy” standards for privacy protection. The European court decided that these principles violated Europeans’ rights to privacy because they allowed American government authorities to gain easy access to Europeans’ online information through U.S.-located databases.
The Court’s ruling is in many ways a reaction to revelations over the past few years of U.S. government mass-surveillance programs, highlighted most poignantly by Edward Snowden’s leak in 2013. The Court’s ruling is based in large part on the premise that the U.S. government and U.S. companies can no longer credibly certify that they are protecting Europeans’ privacy and meeting Europe’s baseline data-protection standards. Continue reading